archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
3.2 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/inetsrv/iis/svcs/irtl/icrypt/lib/exchsrv.cxx

402 lines
8.0 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1997 Microsoft Corporation
  5. Module Name:
  7. exchange.cxx
  9. Abstract:
  11. This module implements the IIS_CRYPTO_EXCHANGE_SERVER class.
  13. Author:
  15. Keith Moore (keithmo) 02-Dec-1996
  17. Revision History:
  19. --*/
  22. #include "precomp.hxx"
  23. #pragma hdrstop
  26. //
  27. // Private constants.
  28. //
  31. //
  32. // Private types.
  33. //
  36. //
  37. // Private globals.
  38. //
  41. //
  42. // Private prototypes.
  43. //
  46. //
  47. // Public functions.
  48. //
  51. IIS_CRYPTO_EXCHANGE_SERVER::IIS_CRYPTO_EXCHANGE_SERVER()
  53. /*++
  55. Routine Description:
  57. IIS_CRYPTO_EXCHANGE_SERVER class constructor.
  59. Arguments:
  61. None.
  63. Return Value:
  65. None.
  67. --*/
  69. {
  71. //
  72. // Just put the member variables into known states.
  73. //
  75. m_hClientKeyExchangeKey = CRYPT_NULL;
  76. m_hClientSignatureKey = CRYPT_NULL;
  78. } // IIS_CRYPTO_EXCHANGE_SERVER::IIS_CRYPTO_EXCHANGE_SERVER
  81. IIS_CRYPTO_EXCHANGE_SERVER::~IIS_CRYPTO_EXCHANGE_SERVER()
  83. /*++
  85. Routine Description:
  87. IIS_CRYPTO_EXCHANGE_SERVER class destructor.
  89. Arguments:
  91. None.
  93. Return Value:
  95. None.
  97. --*/
  99. {
  101. //
  102. // Close any open keys.
  103. //
  105. CLOSE_KEY( m_hClientKeyExchangeKey );
  106. CLOSE_KEY( m_hClientSignatureKey );
  108. } // IIS_CRYPTO_EXCHANGE_SERVER::~IIS_CRYPTO_EXCHANGE_SERVER
  111. HRESULT
  112. IIS_CRYPTO_EXCHANGE_SERVER::ServerPhase1(
  113. IN PIIS_CRYPTO_BLOB pClientKeyExchangeKeyBlob,
  114. IN PIIS_CRYPTO_BLOB pClientSignatureKeyBlob,
  115. OUT PIIS_CRYPTO_BLOB * ppServerKeyExchangeKeyBlob,
  116. OUT PIIS_CRYPTO_BLOB * ppServerSignatureKeyBlob,
  117. OUT PIIS_CRYPTO_BLOB * ppServerSessionKeyBlob
  118. )
  120. /*++
  122. Routine Description:
  124. Performs server-side phase 1 of the multi-phase key exchange protocol.
  126. Arguments:
  128. pClientKeyExchangeKeyBlob - Pointer to the client's key exchange key
  129. public blob.
  131. pClientSignatureKeyBlob - Pointer to the client's signature public
  132. blob.
  134. ppServerKeyExchangeKeyBlob - Receives a pointer to the server's key
  135. exchange key public blob if successful. It is the server's
  136. responsibility to (somehow) transmit this to the client.
  138. ppServerSignatureKeyBlob - Receives a pointer to the server's signature
  139. public blob if successful. It is the server's responsibility to
  140. (somehow) transmit this to the client.
  142. ppServerSessionKeyBlob - Receives a pointer to the server's
  143. session key blob if successful. It is the server's responsibility
  144. to (somehow) transmit this to the client.
  146. Return Value:
  148. HRESULT - Completion status, 0 if successful, !0 otherwise.
  150. --*/
  152. {
  154. HRESULT result;
  155. PIIS_CRYPTO_BLOB keyExchangeKeyBlob = NULL;
  156. PIIS_CRYPTO_BLOB signatureKeyBlob = NULL;
  157. PIIS_CRYPTO_BLOB sessionKeyBlob = NULL;
  159. //
  160. // Sanity check.
  161. //
  163. DBG_ASSERT( ValidateState() );
  164. DBG_ASSERT( pClientKeyExchangeKeyBlob != NULL );
  165. DBG_ASSERT( ::IISCryptoIsValidBlob( pClientKeyExchangeKeyBlob ) );
  166. DBG_ASSERT( pClientSignatureKeyBlob != NULL );
  167. DBG_ASSERT( ::IISCryptoIsValidBlob( pClientSignatureKeyBlob ) );
  168. DBG_ASSERT( ppServerKeyExchangeKeyBlob != NULL );
  169. DBG_ASSERT( ppServerSessionKeyBlob != NULL );
  171. //
  172. // Import the client's keys.
  173. //
  175. DBG_ASSERT( m_hClientKeyExchangeKey == CRYPT_NULL );
  176. result = ::IISCryptoImportPublicKeyBlob(
  177. &m_hClientKeyExchangeKey,
  178. pClientKeyExchangeKeyBlob,
  179. m_hProv
  180. );
  182. if( FAILED(result) ) {
  183. goto fatal;
  184. }
  186. DBG_ASSERT( m_hClientSignatureKey == CRYPT_NULL );
  187. result = ::IISCryptoImportPublicKeyBlob(
  188. &m_hClientSignatureKey,
  189. pClientSignatureKeyBlob,
  190. m_hProv
  191. );
  193. if( FAILED(result) ) {
  194. goto fatal;
  195. }
  197. //
  198. // Export the key exchange key blob.
  199. //
  201. result = ::IISCryptoExportPublicKeyBlob(
  202. &keyExchangeKeyBlob,
  203. m_hProv,
  204. m_hKeyExchangeKey
  205. );
  207. if( FAILED(result) ) {
  208. goto fatal;
  209. }
  211. //
  212. // Export the signature key blob.
  213. //
  215. result = ::IISCryptoExportPublicKeyBlob(
  216. &signatureKeyBlob,
  217. m_hProv,
  218. m_hSignatureKey
  219. );
  221. if( FAILED(result) ) {
  222. goto fatal;
  223. }
  225. //
  226. // Generate our local session key.
  227. //
  229. DBG_ASSERT( m_hServerSessionKey == CRYPT_NULL );
  230. result = ::IISCryptoGenerateSessionKey(
  231. &m_hServerSessionKey,
  232. m_hProv
  233. );
  235. if( FAILED(result) ) {
  236. goto fatal;
  237. }
  239. //
  240. // Export it.
  241. //
  243. result = SafeExportSessionKeyBlob(
  244. &sessionKeyBlob,
  245. m_hProv,
  246. m_hServerSessionKey,
  247. m_hClientKeyExchangeKey
  248. );
  250. if( FAILED(result) ) {
  251. goto fatal;
  252. }
  254. //
  255. // Success!
  256. //
  258. *ppServerKeyExchangeKeyBlob = keyExchangeKeyBlob;
  259. *ppServerSignatureKeyBlob = signatureKeyBlob;
  260. *ppServerSessionKeyBlob = sessionKeyBlob;
  262. return NO_ERROR;
  264. fatal:
  266. FREE_BLOB(sessionKeyBlob);
  267. FREE_BLOB(signatureKeyBlob);
  268. FREE_BLOB(keyExchangeKeyBlob);
  270. DBG_ASSERT( FAILED(result) );
  271. return result;
  273. } // IIS_CRYPTO_EXCHANGE_SERVER::ServerPhase1
  276. HRESULT
  277. IIS_CRYPTO_EXCHANGE_SERVER::ServerPhase2(
  278. IN PIIS_CRYPTO_BLOB pClientSessionKeyBlob,
  279. IN PIIS_CRYPTO_BLOB pClientHashBlob,
  280. OUT PIIS_CRYPTO_BLOB * ppServerHashBlob
  281. )
  283. /*++
  285. Routine Description:
  287. Performs server-side phase 2 of the multi-phase key exchange protocol.
  289. Arguments:
  291. pClientSessionKeyBlob - Pointer to the client's session key blob.
  293. pClientHashBlob - Pointer to the client's hash blob.
  295. ppServerHashBlob - Receives a pointer to the server's hash blob
  296. if successful.
  299. Return Value:
  301. HRESULT - Completion status, 0 if successful, !0 otherwise.
  303. --*/
  305. {
  307. HRESULT result;
  308. PIIS_CRYPTO_BLOB phase3HashBlob;
  309. PIIS_CRYPTO_BLOB phase4HashBlob;
  311. //
  312. // Sanity check.
  313. //
  315. DBG_ASSERT( ValidateState() );
  316. DBG_ASSERT( pClientSessionKeyBlob != NULL );
  317. DBG_ASSERT( IISCryptoIsValidBlob( pClientSessionKeyBlob ) );
  318. DBG_ASSERT( pClientHashBlob != NULL );
  319. DBG_ASSERT( IISCryptoIsValidBlob( pClientHashBlob ) );
  320. DBG_ASSERT( ppServerHashBlob != NULL );
  322. //
  323. // Setup our locals so we know how to cleanup on exit.
  324. //
  326. phase3HashBlob = NULL;
  327. phase4HashBlob = NULL;
  329. //
  330. // Import the client's session key.
  331. //
  333. DBG_ASSERT( m_hClientSessionKey == CRYPT_NULL );
  334. result = SafeImportSessionKeyBlob(
  335. &m_hClientSessionKey,
  336. pClientSessionKeyBlob,
  337. m_hProv,
  338. m_hClientSignatureKey
  339. );
  341. if( FAILED(result) ) {
  342. goto fatal;
  343. }
  345. //
  346. // Create the phase 3 hash and compare it with the incoming hash.
  347. //
  349. result = CreatePhase3Hash(
  350. &phase3HashBlob
  351. );
  353. if( FAILED(result) ) {
  354. goto fatal;
  355. }
  357. if( !::IISCryptoCompareBlobs(
  358. pClientHashBlob,
  359. phase3HashBlob
  360. ) ) {
  362. result = ERROR_INVALID_DATA;
  363. goto fatal;
  365. }
  367. //
  368. // Create the phase 4 hash to return to the client.
  369. //
  371. result = CreatePhase4Hash(
  372. &phase4HashBlob
  373. );
  375. if( FAILED(result) ) {
  376. goto fatal;
  377. }
  379. //
  380. // Success!
  381. //
  383. *ppServerHashBlob = phase4HashBlob;
  384. FREE_BLOB( phase3HashBlob );
  386. return NO_ERROR;
  388. fatal:
  390. FREE_BLOB( phase3HashBlob );
  391. FREE_BLOB( phase4HashBlob );
  393. DBG_ASSERT( FAILED(result) );
  394. return result;
  396. } // IIS_CRYPTO_EXCHANGE_SERVER::ServerPhase2
  399. //
  400. // Private functions.
  401. //